2d92a653b9bdc500876791e2fddc05cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d92a653b9bdc500876791e2fddc05cd_JaffaCakes118
Size

1006KB
MD5

2d92a653b9bdc500876791e2fddc05cd
SHA1

72d7d7949faa5259b963301cd75f2c0511edc4a9
SHA256

3e6e98f7c1e466d9b2e9071f2f9b76f33abe10138126511739359d67ee857e49
SHA512

c388574d2f6d17371b3861a4e07b566a8cc3a250d0619ade2f31db90152e31e5b0cde66407fb74bc10739ebba29a54e939451c7826ff287bdd9ba6ebefa2544c
SSDEEP

24576:F/LQMASAVGev5z4Nzw1GvvuM0agSYiZAFI/W7vMcBB:F/kMvAME5cWM0rSYwAsjcBB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RunGuard_1.0.0.0.exe

Files

2d92a653b9bdc500876791e2fddc05cd_JaffaCakes118
.rar
RunGuard_1.0.0.0.exe
.exe windows:4 windows x86 arch:x86

75725390d9e96db1e12021e1ca72a731

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3874
ord4123
ord2859
ord2860
ord2380
ord2818
ord668
ord4202
ord924
ord860
ord2770
ord356
ord2614
ord3706
ord1641
ord3920
ord5875
ord2754
ord283
ord4133
ord4297
ord5788
ord472
ord801
ord6883
ord2763
ord6876
ord541
ord6877
ord1802
ord3582
ord2411
ord2023
ord4218
ord2578
ord4398
ord616
ord4480
ord755
ord470
ord4407
ord6741
ord6508
ord6197
ord4288
ord5781
ord3138
ord1816
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord4425
ord809
ord641
ord556
ord324
ord4234
ord1088
ord2122
ord5280
ord6605
ord1175
ord4299
ord926
ord4710
ord3870
ord6453
ord6880
ord6215
ord2863
ord640
ord5785
ord1640
ord323
ord6358
ord1979
ord703
ord665
ord5186
ord6389
ord1643
ord354
ord403
ord1768
ord3619
ord2405
ord1829
ord3610
ord656
ord4694
ord5148
ord3693
ord4285
ord2089
ord1845
ord3631
ord683
ord3226
ord939
ord859
ord6598
ord6743
ord6515
ord1848
ord4243
ord1847
ord3639
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord692
ord3803
ord1906
ord3698
ord765
ord6734
ord1727
ord3711
ord783
ord3752
ord1924
ord3716
ord790
ord1927
ord3719
ord793
ord1929
ord2379
ord795
ord4278
ord6662
ord2381
ord1937
ord2587
ord4406
ord3394
ord3729
ord804
ord4267
ord2862
ord2919
ord1941
ord3398
ord3733
ord810
ord4271
ord3296
ord3597
ord6199
ord6241
ord3092
ord5953
ord3097
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord1134
ord1146
ord5981
ord2086
ord5861
ord923
ord1106
ord4224
ord1948
ord5303
ord4699
ord817
ord565
ord2726
ord4226
ord5715
ord2487
ord1567
ord1138
ord353
ord268
ord6385
ord3742
ord818
ord2567
ord2566
ord1270
ord1232
ord6442
ord700
ord686
ord2096
ord398
ord384
ord3290
ord6008
ord3287
ord4000
ord5594
ord1980
ord3178
ord4058
ord2781
ord913
ord4189
ord3181
ord6781
ord4125
ord2764
ord3303
ord2784
ord2452
ord2753
ord5787
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord3574
ord3402
ord5277
ord5290
ord2575
ord1795
ord6394
ord5450
ord6383
ord5440
ord4284
ord2642
ord4275
ord2414
ord3626
ord567
ord609
ord3571
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord2124
ord2446
ord3721
ord5261
ord6320
ord6242
ord537
ord536
ord6648
ord5710
ord940
ord922
ord941
ord3797
ord2864
ord3089
ord823
ord540
ord1168
ord2915
ord5572
ord5683
ord4129
ord858
ord800
ord535
ord825
ord1919
ord3663
ord1576

msvcrt

__CxxFrameHandler
memmove
atoi
_ftol
_mbsnbcpy
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
_setmbcp
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_mbscmp

kernel32

GetModuleHandleA
MultiByteToWideChar
GetLogicalDriveStringsA
CreateDirectoryA
WinExec
DeleteFileA
Sleep
LoadResource
SizeofResource
GetVersionExA
IsBadStringPtrA
FindResourceA
GetModuleFileNameA
GetFileAttributesA
GetStartupInfoA

user32

GetClientRect
GetSystemMetrics
GetWindowDC
ReleaseDC
DrawFocusRect
PtInRect
EnableWindow
OffsetRect
IsWindowVisible
GetWindowRect
GetMessagePos
SetWindowTextA
GetFocus
SetCursor
GetWindowLongA
SendMessageA
GetSysColor
InvalidateRect
GetParent
GetClassNameA
IsWindow
SetWindowPos
MessageBoxA
PeekMessageA
PostThreadMessageA
DrawIcon
LoadIconA
GetCursorPos
ReleaseCapture
KillTimer
SetCapture
SetTimer
AdjustWindowRect
SetCaretPos
LoadCursorA
DrawIconEx
SetWindowLongA
GetMenuItemCount
GetMenuItemID
DeleteMenu
EnableMenuItem
InsertMenuA
BringWindowToTop
GetDC
CopyRect
IsIconic
LoadImageA
LoadBitmapA
WindowFromPoint
GetClassInfoA
EnumChildWindows
DefWindowProcA
SetWindowRgn
SetForegroundWindow
GetSystemMenu
CheckMenuItem
GetActiveWindow
SetRect
GetAsyncKeyState
ScreenToClient
IsZoomed

gdi32

GetTextExtentExPointA
DeleteDC
DeleteObject
CreateBitmap
GetDeviceCaps
CreateFontA
CreateDCA
CreatePen
GetBitmapBits
SetTextColor
SetBkColor
CreateCompatibleBitmap
SetStretchBltMode
CreateRoundRectRgn
Rectangle
CreateSolidBrush
BitBlt
StretchBlt
CreateFontIndirectA
CreateCompatibleDC
GetPixel
CreateRectRgn
GetRgnBox
OffsetRgn
RectInRegion
GetObjectA
GetTextExtentPoint32A
SelectObject
RoundRect
CreateRectRgnIndirect
SetBitmapBits
GetStockObject
CombineRgn

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

SHChangeNotify
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_Remove
_TrackMouseEvent
ImageList_GetImageCount

ole32

CoCreateInstance
CoInitialize

winmm

PlaySoundA

msimg32

TransparentBlt

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

75725390d9e96db1e12021e1ca72a731

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

winmm

msimg32

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 4KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB